Cloud Certification for Government Operations

August 13, 2013

In the cloud services for critical infrastructure is getting more transparent to end users. Jim Reavis, co-founder and executive director of the Cloud Security Alliance (CSA), says that "transparency has always been a significant part of the CSA's vision, and today this objective is more critical than ever." Photo courtesy of the Zalud Report

The Cloud Security Alliance (CSA) announced in late July a number of milestones in its continued efforts to spearhead global transparency for cloud services. Over 30 entries, from major cloud providers, have been made to its Security, Trust and Assurance Registry (STAR). Later this fall, the CSA, along with the BSI (British Standards Institution), will unveil details of the STAR certification effort.

"With over 48,000 individual members, and 70 chapters globally, the CSA has become the global authoritative source for trust in the cloud," contends Dave Cullinane, chairman of the CSA Board of Directors. "As we look to the future, we believe that enabling assurance in a global compute utility is one of the greatest challenges facing the industry, if we want cloud computing to meet its potential. As a result, we continue to focus our efforts on enabling transparency among cloud providers, for the benefit of consumers around the world."

In late 2011, the CSA introduced STAR, a first step in improving transparency and assurance in the cloud. Major cloud players include Amazon Web Services, Box.com, HP, Microsoft, Ping Identity, Red Hat, Skyhigh Networks, Symantec and Terremark, who submitted entries into the registry.

CSA also has published results of its recent survey on government access to information. The survey received almost 500 responses from CSA members around the world. It found that 56 percent of non-U.S. residents were now less likely to use U.S.-based cloud providers, in light of recent revelations about government access to customer information. An overwhelming 90 percent of respondents said that companies which have been subpoenaed through provisions of the U.S. Patriot Act should be able to publish summary information about the amount of responses they have made. Full results of the survey can be found at https://cloudsecurityalliance.org/research/surveys/#_nsa_prism.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Right now, in the pandemic environment, business leaders are balancing internal priorities – managing cost and impacts to productivity – with market and external priorities like government requirements, customer needs, and perceived standards of safety and health.

Security Magazine

2020 August

This month in Security magazine, we examine how physical security leaders are being propelled into a unique position of revenue preservers and risk managers for their businesses. In addition, we profile Scott Ashworth, Director of Security for Atlanta United. Also, security leaders discuss how to develop cybersecurity careers, election security, data protection strategies, measuring and reporting security operations maturity and more!

View More Create Account

Cloud Certification for Government Operations

Related Articles

Related Products

Report Abusive Comment